Nyamul Hassan wrote:
Hi,
Some time ago, a sales pitch from a very well-known proxy vendor
claimed to have SSL working seamlessly through their cache. Does
anyone know of a commercial proxy solution that can work without this
explicit config on the client side?
A TCP-level proxy is needed to legally do that. Squid does not pass
packets through anonymously, but requires the HTTP headers to be visible
for security checks.
HTTPS is designed specifically to prevent middleware decrypting traffic
without the client being informed. Which is why the client needs to
trust the proxy.
On 2010-08-27, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Shawn Wright wrote:
Got it working after closer inspection of tcpdump output, which revealed a
routing problem.
Now I need to move on to SSL traffic. We are using Squid 2.6-20 in
production, so clearly we need to upgrade to use SSLbump. Which version of
squid is considered most stable for use with SSLbump, in conjunction with
many ACLs and delay pools?
Thanks
I should mention that SSL Bump only works for browsers configured
explicitly to know the proxy is there and also to trust the proxy
generated SSL certificates.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.7
Beta testers wanted for 3.2.0.1